Malicious FedEx Notification Emails
Threat Type: Malicious Web Site / Malicious Code
Websense® Security Labs™ ThreatSeeker™ Network has discovered a new campaign of malicious spam posing as FedEx notifications.
The notifications claim to be from FedEx and explain that a package sent by the recipient in the past month was not delivered. The message has an attachment claimed to be a copy of the invoice. The attachment is in a zip file but is actually a Trojan Downloader.
This spam wave is a continuation of an ongoing theme used in recent months of using a parcel service invoice as the social engineering attack vector.
Here is a screenshot of the malicious email:
Websense Messaging and Websense Web Security customers are protected against this attack.